LM-Commons · visto9259 · Aug 6, 2024 · Aug 5, 2024 · Aug 6, 2024 · Aug 6, 2024
diff --git a/docs/docs/role-providers.md b/docs/docs/role-providers.md
@@ -1,16 +1,45 @@
 ---
-sidebar_label: Role providers
-title: Role providers
+sidebar_label: Roles and Role providers
+title: Roles and Role providers
 sidebar_position: 4
 ---
 
+## Role types
+
+A role is an object that returns a list of permissions that the role has.
+
+`LmcRbac` support two types of roles: hierarchical roles and flat roles.
+
+### Flat roles
+
+A flat role is the simplest role object. It contains the list of permissions that
+the role has.
+
+Flat roles are defined using by the `LmcRbac\Role\Role` class or by classes
+implementing the `LmcRbac\Role\RoleInterface`.
+
+### Hierarchical roles
+
+A hierarchical role is a role that has child roles and therefore provides
+a hierarchy of roles where a role inherit the permissions of all its child roles.
+
+For example, a 'user' role may have the 'read' and 'write' permissions, and a 'admin' role 
+may inherit the permissions of the 'user' role plus an additional 'delete' role. In this structure,
+the 'admin' role will have 'user' as its child role.
+
+Hierarchical roles may have flat roles or hierarchical roles as children.
+
+Hierarchical roles are defined using by the `LmcRbac\Role\HierarchicalRole` class or by classes
+implementing the `LmcRbac\Role\HierarchicalRoleInterface`.
+
+## Role Providers
 A role provider is an object that returns a list of roles. A role provider must implement the
 `LmcRbac\Role\RoleProviderInterface` interface. The only required method is `getRoles`, and must return an array
 of `LmcRbac\Role\RoleInterface` objects.
 
 Roles can come from one of many sources: in memory, from a file, from a database, etc. However, you can specify only one role provider per application.
 
-## Built-in role providers
+### Built-in role providers
 
 LmcRbac comes with two built-in role providers: `LmcRbac\Role\InMemoryRoleProvider` and `LmcRbac\Role\ObjectRepositoryRoleProvider`. A role
 provider must be added to the `role_provider` subkey in the configuration file:

diff --git a/src/Identity/IdentityProviderInterface.php b/src/Identity/IdentityProviderInterface.php
diff --git a/src/Service/RoleService.php b/src/Service/RoleService.php
@@ -22,7 +22,6 @@
 namespace LmcRbac\Service;
 
 use LmcRbac\Identity\IdentityInterface;
-use LmcRbac\Identity\IdentityProviderInterface;
 use LmcRbac\Role\RoleInterface;
 use LmcRbac\Role\RoleProviderInterface;
 use Traversable;
@@ -70,7 +69,7 @@ public function getIdentityRoles(IdentityInterface $identity = null, mixed $cont
      * @param  array|Traversable $roles
      * @return RoleInterface[]
      */
-    private function convertRoles(iterable $roles): iterable
+    protected function convertRoles(iterable $roles): iterable
     {
         $collectedRoles = [];
         $toCollect = [];

diff --git a/test/Container/RoleServiceFactoryTest.php b/test/Container/RoleServiceFactoryTest.php
@@ -22,8 +22,6 @@
 namespace LmcRbacTest\Container;
 
 use Laminas\ServiceManager\ServiceManager;
-use LmcRbac\Identity\AuthenticationIdentityProviderFactory;
-use LmcRbac\Identity\IdentityProviderInterface;
 use LmcRbac\Options\ModuleOptions;
 use LmcRbac\Role\InMemoryRoleProvider;
 use LmcRbac\Service\RoleService;
@@ -50,8 +48,6 @@ public function testCanCreateRoleService(): void
             'services' => [
                 ModuleOptions::class => $options,
                 InMemoryRoleProvider::class => new InMemoryRoleProvider([]),
-//                \LmcRbac\Identity\AuthenticationIdentityProvider::class => $this->createMock(IdentityProviderInterface::class),
-                IdentityProviderInterface::class => $this->createMock(IdentityProviderInterface::class),
             ],
         ]);